A system that monitors or controls a manufacturing plant may be used to perform a variety of different tasks and may include different end devices that were designed without sufficient security mechanisms. For example, an industrial network of computer systems and components may be used in controlling and/or monitoring industrial systems. Such industrial systems can be used in connection with manufacturing, power generation, energy distribution, waste handling, transportation, telecommunications, and water treatment. The industrial network may be connected to and accessible through other networks, both directly and indirectly, including a corporate network and the Internet. The industrial network may thus be susceptible to both internal and external cyber-attacks, as well as to non-intentional actions that still disrupt the performance/operation of the system. As a preventive measure against external cyber-attacks, firewalls or other security measures may be used to separate the industrial network from other networks. However, the industrial network is still vulnerable, since such security measures are not foolproof in preventing external attacks by viruses, worms, Trojans and other forms of malicious code, and computer hacking, intrusions, insider attacks, errors, and omissions may still occur. Additionally, an infected laptop, for example, can bypass the firewall by connecting to the industrial network using a modem, a direct connection, or a virtual private network (VPN). The laptop may then introduce worms or other forms of malicious code into the industrial network. Moreover, a laptop may be connected directly to the network behind the firewall.
One approach, in accordance with prior art, is to monitor events of the industrial network and accordingly raise alerts. The industrial network may perform a threat assessment and respond in accordance with the threat assessment. A wide variety of conditions relating to performance, health and security information about the industrial network as well as other factors reflecting conditions external to the industrial network may be taken into account. However, the monitoring of alarms is an alert capability that can be used to trigger actions to prevent access but, by itself, does not prevent access.
Many industrial Ethernet end devices have very little or no security, either because the end devices were designed and deployed before security was an issue or because the end devices have limited resources and security was not included in the design. Consequently, a security device is needed that provides sufficient security for each end device in an industrial network by protecting existing devices that are currently installed as well as new devices that lack needed security features.